LEGAL WARNING:
Use of PuTTY, PSCP, PSFTP and Plink is illegal in countries where
encryption is outlawed. We believe it is legal to use PuTTY, PSCP,
PSFTP and Plink in England and Wales and in many other countries, but
we are not lawyers, and so if in doubt you should seek legal advice
before downloading it. You may find useful information at
cryptolaw.org, which collects
information on cryptography laws in many countries, but we
can't vouch for its correctness.

Use of the Telnet-only binary (PuTTYtel) is unrestricted by any
cryptography laws.

Latest news

2018-08-25 GPG key rollover

This week we've generated a fresh set of GPG keys for signing PuTTY
release and snapshot builds. We will begin signing snapshots with the
new snapshot key, and future releases with the new release key. The
new master key is signed with the old master keys, of course. See
the keys page for more information.

2017-07-08 PuTTY 0.70 released, containing security and bug fixes

PuTTY 0.70, released today, fixes further problems with Windows DLL
hijacking, and also fixes a small number of bugs in 0.69, including
broken printing support and Unicode keyboard input on Windows.

2017-04-29 PuTTY 0.69 released, containing security and bug fixes

PuTTY 0.69, released today, fixes further problems with Windows DLL
hijacking, and also fixes a small number of bugs in 0.68, including
broken MIT Kerberos support and the lack of jump lists on the Start
Menu.

Right now, the 64-bit builds work as far as we know, but they haven't
had as much testing as the 32-bit ones. So we're still considering the
32-bit builds to be more likely to be stable. However, if you have any
reason to want to use a 64-bit build (e.g. it needs to load a 64-bit
supporting DLL for something like GSSAPI), or if you just feel like
trying out the new builds, then please let us know if you have any
trouble.

We've also redesigned our website. The old Download page isn't there
any more: instead, we have separate pages for the
latest release
and the
development snapshots.
Also, you can find past release builds of PuTTY by following links
from the
Changes page,
in case those are useful to you. (However, most of them have known
vulnerabilities these days; we don't recommend you use any vulnerable
past release if you can avoid it.)

2016-03-10 Switching to MSI-format Windows installer

We're switching to the MSI format for PuTTY's Windows installer
(generated by the WiX toolset).

Mostly this is because of the
report
late last year that Windows installers created by Inno Setup are
vulnerable to being hijacked by particular DLLs left in the same
directory (such as your browser downloads directory).

However, MSI also provides some other useful features, including
automated silent install/uninstall via msiexec /q, and
also the ability to automatically put the PuTTY install directory on
the PATH so that Command Prompts can run PSCP without any
fuss.

The development snapshots will now have MSI installers, and we have
also retrospectively generated an MSI installer for the recent 0.67
release. Sorry we didn't have it ready in time – MSI is quite
complicated if you're not an expert, and it took a long time to get it
to work!

For the moment, we're still providing Inno Setup installers as well,
in case anyone has trouble with our new and not-very-tested MSIs. But
we recommend that people use the MSI if possible, and if you must use
the Inno Setup installer, make sure to put it in an empty directory
before running it.

2016-03-05 PuTTY 0.67 released, fixing a SECURITY HOLE

PuTTY 0.67, released today, fixes a security hole in 0.66 and
before:
vuln-pscp-sink-sscanf. It
also contains a few other small bug fixes.

Also, for the first time, the Windows executables in this release
(including the installer) are signed using an Authenticode
certificate, to help protect against tampering in transit from our
website or after downloading. You should find that they list "Simon
Tatham" as the verified publisher.

2015-11-07 PuTTY 0.66 released, fixing a SECURITY HOLE

PuTTY 0.66, released today, fixes a security hole in 0.65 and
before:
vuln-ech-overflow. It
also contains a few other small bug fixes and minor features.

2015-09-02 GPG key rollover

This week we've generated a fresh set of GPG keys for signing PuTTY
release and snapshot builds. We will begin signing snapshots with the
new snapshot key, and future releases with the new release key. The
new master key is signed with the old master keys, of course. See
the keys page for more information.

2015-07-25 PuTTY 0.65 released, containing bug fixes

PuTTY 0.65, released today, fixes the Vista bug where the
configuration dialog became invisible, and a few other bugs, large and
small.

2015-06-21 Pre-releases of 0.65 now available

We're working towards a 0.65 release. This will be a bug-fix release:
it will not contain the various new cryptographic features in the
development snapshots, but it will contain large and small bug fixes
over 0.64, including in particular a fix for the
recent Vista-specific
bug in which the configuration dialog becomes invisible. We'd
appreciate testing of the pre-release builds, which are available from
the Download page as usual.

2015-05-19 Malware pretending to be PuTTY

A Symantec blog post warns that a trojaned copy of PuTTY has been detected in the wild. Fortunately, it's easily recognisable by its version identification ("Unidentified build, Nov 29 2013 21:41:02"). If you've encountered this version, we suggest you treat any machine that's run the malicious version as potentially compromised, change any passwords that might have been stolen, and resecure the accounts they protect.

2015-04-19 PuTTY detected as malware

We've had several reports recently of anti-virus software reporting
PuTTY as malware (under a wide variety of names, often generic). This
affects the latest release (0.64) and also the development snapshots
(particularly puttygen.exe).

We believe these are false positives. In those cases where we've been
able to contact the vendor (McAfee, Symantec, ClamAV), they have
removed the detection.

However, most vendors' false-positive response is to whitelist
specific binaries. While this will resolve detections of the 0.64
release, expect detections to recur with the development snapshots,
which are built daily.

We've had no success requesting AV software vendors to perform more
in-depth analysis. If this is causing trouble for you, and you have a
support contract with your AV vendor, please query the detection with
them directly.